NYgs23
04-16-2011, 11:46 AM
White House draft bill expands DHS cyber responsibilities (http://federalnewsradio.com/index.php?nid=35&sid=2345684)
Under a White House plan, the Homeland Security Department will have far-reaching oversight over all civilian agency computer networks.
The proposal would codify much of the administration's memo from July 2010 expanding DHS's cyber responsibilities for civilian networks.
"I have to question why the Executive branch is writing legislation," said the source, who requested anonymity because they were not authorized to talk about it. "This is not a proposal or white paper like the White House usually sends to Capitol Hill. This is the actual legislation."
For instance under cyber crime, the proposal would expand the Computer Fraud and Abuse Act to include a series of criminal offensives for cyber attacks and confidentiality abuses. It also would expand the Racketeer Influenced and Corrupt Organizations (RICO) Act to establish criminal penalties for cyber crime.
Under critical infrastructure protection, the bill lets the DHS secretary decide what is critical infrastructure, assess audit systems for cyber resilience and create an industry of third-party accreditors and evaluators to assess private sector owners and operators systems for meeting cybersecurity requirements.
The proposal also requires the development of voluntary consensus standards by industry, academic and government experts for each sector.
The bill states that owners and operators of critical infrastructure shall develop cybersecurity measures, and a senior accountable official must sign and attest to their implementation. The bill adds that form must remain on file and available for review, inspection and evaluations by third-party evaluators.
I especially like the part about industries being "required" to develop "voluntary" standards.
Under a White House plan, the Homeland Security Department will have far-reaching oversight over all civilian agency computer networks.
The proposal would codify much of the administration's memo from July 2010 expanding DHS's cyber responsibilities for civilian networks.
"I have to question why the Executive branch is writing legislation," said the source, who requested anonymity because they were not authorized to talk about it. "This is not a proposal or white paper like the White House usually sends to Capitol Hill. This is the actual legislation."
For instance under cyber crime, the proposal would expand the Computer Fraud and Abuse Act to include a series of criminal offensives for cyber attacks and confidentiality abuses. It also would expand the Racketeer Influenced and Corrupt Organizations (RICO) Act to establish criminal penalties for cyber crime.
Under critical infrastructure protection, the bill lets the DHS secretary decide what is critical infrastructure, assess audit systems for cyber resilience and create an industry of third-party accreditors and evaluators to assess private sector owners and operators systems for meeting cybersecurity requirements.
The proposal also requires the development of voluntary consensus standards by industry, academic and government experts for each sector.
The bill states that owners and operators of critical infrastructure shall develop cybersecurity measures, and a senior accountable official must sign and attest to their implementation. The bill adds that form must remain on file and available for review, inspection and evaluations by third-party evaluators.
I especially like the part about industries being "required" to develop "voluntary" standards.